Saturday, December 3, 2016

Oracle API Gateway: Failed to connect admin node manager in policy studio

I was trying to connect to admin server but getting invalid credential every time.


I tried by resetting the admin password to "changeme" and then after connecting admin node manager again change your password.

  • Stop all the servers.
  • Go to OAG/apigateway/conf/ directory and open adminUsers.json.
  • look for following in file
       "adminUserCredentials" : {
                 "user-1" : {
                    "passwordHistory" : [                           "$/8Ior+VsgFNBS2TUQNEljw==$RUAJebwyScFlFDowiIb1UaD1mjCADwb8W5OuEnEPAF0=" ],
                              "passwordTimestamp" : 1480673759834

  • change the passwordHistory value to $YnvZfrp5j1q3xJPhPuUL5w==$DcnmqeXQO8T/TmRa2kPyYSJbf8DD/JUg3v3i6xF0HQk (this is a encrypted password i.e. changeme)
  • now restart the server
  • try to connect admin node manager in policy studio.

  • Oracle support document - Doc ID 2056193.1

Sunday, October 16, 2016

Oracle API Gateway: Docker image for OAG

I was working on the Docker which is used to create virtual machines based on container. As per docker documentation Docker is still maturing for the production type environment but it can be used for development and other non-prod environments.

you can get the docker file from github location :

Build Docker Image

docker build -t oracle/oag: -f ./DockerFile .

Run OAG Docker Image

--run docker image
docker run -d -p 9090:8090 --user=oracle -e "DISPLAY=localhost:0.0" --name=OAG --shm-size=2g -t oracle/oag:

--run oag nodemanager in docker container
docker exec -it OAG /u01/oracle/product/OAG- &

--run oag instance in docker container
docker exec -it OAG /u01/oracle/product/OAG- -n "Gateway1" -g "Group1" &

Oracle API Gateway : File based KPS collection in OAG

KPS stands for Key Property Store is a collection of data stored in table structure referenced by policies running on Oracle API Gateway instance. KPS data can be stored in three different ways:

  • Embedded Apache Cassandra database
  • Relational SQL Database
  • JSON File System.

In this blog post I am going to discuss about configuring kps using json file system and how to access these kps collection in OAG policies.


In my scenario, I have used kps as key-value pair to store the environment properties like hostname, port, URI etc. as shown below:

These values changes for different environments like prod or non-prod.

Steps to configure KPS 
  • Open oag policy studio -> right click on Key Property Stores and select Add KPS Collection
  • Create new kps collection with name "Settings"

  • Right click on Settings KPS collection and select Add Table
  • Create table with name "Properties" and create structure as below
  • deploy the configuration.

Edit the values of KPS
  • Open node manager console -> https://host:port/8090
  • Go to settings tab -> Key Property Stores as shown below
  • Select table and add new entry or you can edit the value of existing record. you can not edit the column marked as a primary key i.e. in this case you cannot edit the value of column key.
  • When you create the entry schema json file is automatically created at this location i.e. OAG- with file as settings_properties.json.
  • Now you can edit this file also to add or modify the values in kps.
  • you need to restart the oag instance to reflect the updated values.
Access kps collection in OAG policies

KPS data can be access in oag policies by using the selectors as below:

for example: to access value of OAMHOST the selector expression is as follows


Sunday, August 7, 2016

Oracle webcenter portal 12c: failure to authenticate the user weblogic

I was working on webcenter portal 12.2.1 and trying to enable the discussion and forum for the portal. After Installing and configuring the discussion server when I try to connect from the portal I was getting below error:

failure to authenticate the user weblogic, due to: Unexpected error occurred, due to : Client received SOAP Fault from server : SOAP must understand error. MustUnderstand headers:["{}Security"] are not understood.


This error comes because internally webcenter portal uses saml token to authenticate the services provided by the discussion server. And webservice security is not configured as part of post installation task.


You need to configure the saml message protection policy in webcenter as shown below:

  • Go to EM console => from left navigation, select discussions

  • Now select owc_discussions => click on OWCDiscussionsServiceAuthenticated

  • On this service attach this policy i.e. oracle/wss11_saml_token_with_message_protection_service_policy

  • Now go back to owc_discussions again and select OWCDiscussionsServicePublic and attach the policy oracle/wss11_message_protection_service_policy

  • Now go to the service configuration to edit the values of discussion server connection as below:

  • Edit discussion connection and select message protection policy as shown below

  • Orakey is an alias from the certificate you generated in keystore see next section below

Generate certificate in keystore

  • Go to EM console => select keystore as shown below:

  • Create a stripe name OWSM and create a keystore with a name keystore as shown below:

  • select keystore and click on manage and generate new keypair and give the alias name as orakey.

  • Restart all the servers and its done.

Oracle SOA 12c: Error while deploying soa composite using maven : error: javax/el/ELContext

Today I was working on the Build automation for Oracle SOA 12c and configure the maven and Hudson tool for Continuous Integration. After configuring the maven on my local machine , I tried to compile the soa project but I was getting the following error:

"you may getting el context error while building soa project"
i.e. java.lang.NoClassDefFoundError: javax/el/ELContext


This problem can be solved by adding EL context dependency in maven plugin

Go to oracle maven home repository folder i.e.


open the oracle-soa-plugin-12.2.1-0-0.pom in any editor and add the following dependency


save the file and try to compile the soa project again.

Wednesday, June 8, 2016

Weblogic 12c: start and stop script for starting weblogic admin and managed server

As in my previous blog post I share the concept of starting and stopping nodemanager. In this blog post I am going to show you how you can start and stop weblogic admin server and managed server using admin server connection.

Start scripts for admin server and managed server

Well the basic logic to start admin and managed server is as:

  • Start the admin server using ./ script stored at the domain directory.
  • check for the admin server status is running or not by using same way as did for nodemanager in this post. But here we check for the string "RUNNING"
  • After admin started we invoke to start all the managed server cluster (all the server in a cluster will automatically start).
Here is the script:

rm -rf  *_Server.out AdminServer.out


nohup ./ > AdminServer.out &


while [ "$AdminStatus" = "STOP" ]; do
                echo $tfile

                count=$(cat $tfile | grep "RUNNING" | wc -l)

echo "The value of count is ${count}"

                if [[ "$count" -gt 0 ]]; then
                        echo "AdminServer Started..."
nohup $WEBLOGIC_HOME/common/bin/ > OSB_Server.out &
                        nohup $WEBLOGIC_HOME/common/bin/ > SOA_Server.out &
                        nohup $WEBLOGIC_HOME/common/bin/ > WSM_Server.out &

                        rm -f $tfile
                        exit 0
                    echo "Waiting For AdminServer To Start..."
        sleep 5s

echo "Please check ${tfile} log file for more issues"
exit 1 

In the above scripts I am calling three more scripts which are used to start the managed server cluster.

Content of the script is as follow:

connect('weblogic', 'welcome1', 't3://adminhostname:port')



Content of the script is as follow:

connect('weblogic', 'Oracle123', 't3://adminhostname:port')



Content of the script is as follow:

connect('weblogic', 'Oracle123', 't3://adminhostname:port')



Note: you can start the server instead of start cluster, refer this documentation 

Stop scripts for admin and managed server

For stopping managed server scripts first connect to the nodemanager and use the nmkill() method to kill the managed server

nmConnect('weblogic', 'Oracle123', '', '5556', 'BPMDomain', '/u02/oracle/config/domains/BPMDomain','ssl')




so you have to kill each server because there is no such method available to stop the cluster.

After that stop the admin server using this script.

nohup sh /u01/oracle/config/domains/BPMDomain/bin/ &

Weblogic 12c: start and stop script for nodemanager

Recently I was working on the automated script to start and stop the nodemanager, AdminServer and all managed server (ESS, SOA, OSB, WSM) in a domain. So in this post I am going to share my work, it may be possible that these scripts may not be suited for your environment but yes It must give you a basic idea of how to start and stop nodemanager automatically.

Start scripts for nodemanager

Well the basic logic that I used to start the nodemanager is

  • check if nodemanager is running or not
  • start the nodemanager and take the output in a temporary file.
  • while the nodemanager is starting keep looking for the string "socket listener started on port" in a temporary file. 
  • if the matching string is found that means node manager is started and exit().
rm -rf nodemanage.*

status= ps -eaf | grep "weblogic.NodeManager" | grep -v grep| wc -l
echo $status
echo "Node Manager Directory: " $1

if [[ "$status" -eq 0 ]]; then
echo  $date " :Starting Weblogic NodeManager..."
echo $1
nohup $1 > $tfile 2>&1 &

echo  $date " :NodeManager is already RUNNING.."

if [ "$?" != 0 ]; then
echo "Command Failed To Execute Properly"
exit 1;

export a=0;
while [ $a -lt 10 ]; do
echo $tfile

count=$(cat $tfile | grep "socket listener started on port" | wc -l)

echo "The value of count is ${count}"                 

if [[ "$count" -gt 0 ]]; then
echo "NodeManager Started..."
rm -f $tfile
exit 0
echo "Waiting For NodeManager To Start..."
echo $a
sleep 5s
echo "Please check ${tfile} log file for more issues"
exit 1

Save the above script in .sh file e.g. Now to run this script you have to pass the location of the nodemanager i.e.

nohup ./ $DOMAIN_HOME/bin/ > nodemanage.out &

Stop script for nodemanager

To stop the nodemanager find the process id of nodemanager instance and kill that process id, here is the script below:

node1=$(ps -ef | grep weblogic.nodemanager | grep config=/u01 | awk '{printf $2}')

kill -9 $node1

Save the above code in the .sh file e.g. and execute the script as below:

nohup sh &

In the next post I am going to share the start and stop script for weblogic AdminServer and Managed server.